Lucene search

K
cve[email protected]CVE-2017-2314
HistoryJul 17, 2017 - 1:18 p.m.

CVE-2017-2314

2017-07-1713:18:23
CWE-20
web.nvd.nist.gov
22
cve-2017-2314
bgp
open message
juniper networks
rpd process
denial of service
nvd
security issue
vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

40.4%

Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously sending specially crafted BGP OPEN messages, an attacker can repeatedly crash the rpd process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R12-S4, 12.3R13, 12.3R3-S4; 12.3X48 prior to 12.3X48-D50; 13.3 prior to 13.3R4-S11, 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R4-S7, 14.2R6-S4, 14.2R7; 15.1 prior to 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D33, 15.1X53-D50.

Affected configurations

NVD
Node
juniperjunosMatch12.3
OR
juniperjunosMatch12.3r1
OR
juniperjunosMatch12.3r10
OR
juniperjunosMatch12.3r11
OR
juniperjunosMatch12.3r12
OR
juniperjunosMatch12.3r2
OR
juniperjunosMatch12.3r3
OR
juniperjunosMatch12.3r4
OR
juniperjunosMatch12.3r5
OR
juniperjunosMatch12.3r6
OR
juniperjunosMatch12.3r7
OR
juniperjunosMatch12.3r8
OR
juniperjunosMatch12.3r9
Node
juniperjunosMatch12.3x48-
OR
juniperjunosMatch12.3x48d10
OR
juniperjunosMatch12.3x48d15
OR
juniperjunosMatch12.3x48d20
OR
juniperjunosMatch12.3x48d25
OR
juniperjunosMatch12.3x48d30
OR
juniperjunosMatch12.3x48d35
OR
juniperjunosMatch12.3x48d40
OR
juniperjunosMatch12.3x48d45
Node
juniperjunosMatch14.1
OR
juniperjunosMatch14.1r1
OR
juniperjunosMatch14.1r2
OR
juniperjunosMatch14.1r3
OR
juniperjunosMatch14.1r4
OR
juniperjunosMatch14.1r5
OR
juniperjunosMatch14.1r6
OR
juniperjunosMatch14.1r7
OR
juniperjunosMatch14.1r8
Node
juniperjunosMatch14.1x53-
OR
juniperjunosMatch14.1x53d15
OR
juniperjunosMatch14.1x53d16
OR
juniperjunosMatch14.1x53d25
OR
juniperjunosMatch14.1x53d26
OR
juniperjunosMatch14.1x53d27
OR
juniperjunosMatch14.1x53d30
OR
juniperjunosMatch14.1x53d35
Node
juniperjunosMatch14.2
OR
juniperjunosMatch14.2r1
OR
juniperjunosMatch14.2r2
OR
juniperjunosMatch14.2r3
OR
juniperjunosMatch14.2r4
OR
juniperjunosMatch14.2r5
OR
juniperjunosMatch14.2r6
Node
juniperjunosMatch15.1
OR
juniperjunosMatch15.1f2
OR
juniperjunosMatch15.1f4
OR
juniperjunosMatch15.1f5
Node
juniperjunosMatch13.3
OR
juniperjunosMatch13.3r1
OR
juniperjunosMatch13.3r2
OR
juniperjunosMatch13.3r3
OR
juniperjunosMatch13.3r9
Node
juniperjunosMatch14.1x55
Node
juniperjunosMatch15.1x49d10
OR
juniperjunosMatch15.1x49d20
OR
juniperjunosMatch15.1x49d30
OR
juniperjunosMatch15.1x49d35
OR
juniperjunosMatch15.1x49d40
OR
juniperjunosMatch15.1x49d45
OR
juniperjunosMatch15.1x49d50
OR
juniperjunosMatch15.1x49d55
OR
juniperjunosMatch15.1x49d60
OR
juniperjunosMatch15.1x49d65
OR
juniperjunosMatch15.1x49d70
OR
juniperjunosMatch15.1x49d75
OR
juniperjunosMatch15.1x49d80
OR
juniperjunosMatch15.1x49d90
Node
juniperjunosMatch15.1x53d10
OR
juniperjunosMatch15.1x53d20
OR
juniperjunosMatch15.1x53d21
OR
juniperjunosMatch15.1x53d30
OR
juniperjunosMatch15.1x53d32
CPENameOperatorVersion
juniper:junosjuniper junoseq12.3

CNA Affected

[
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "affected",
        "version": "12.3 prior to 12.3R12-S4, 12.3R13, 12.3R3-S4"
      },
      {
        "status": "affected",
        "version": "12.3X48 prior to 12.3X48-D50"
      },
      {
        "status": "affected",
        "version": "13.3 prior to 13.3R4-S11, 13.3R10"
      },
      {
        "status": "affected",
        "version": "14.1 prior to 14.1R8-S3, 14.1R9"
      },
      {
        "status": "affected",
        "version": "14.1X53 prior to 14.1X53-D40"
      },
      {
        "status": "affected",
        "version": "14.1X55 prior to 14.1X55-D35"
      },
      {
        "status": "affected",
        "version": "14.2 prior to 14.2R4-S7, 14.2R6-S4, 14.2R7"
      },
      {
        "status": "affected",
        "version": "15.1 prior to 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4"
      },
      {
        "status": "affected",
        "version": "15.1X49 prior to 15.1X49-D100"
      },
      {
        "status": "affected",
        "version": "15.1X53 prior to 15.1X53-D33, 15.1X53-D50"
      }
    ]
  }
]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

40.4%

Related for CVE-2017-2314